Joining a Windows Server to an Active Directory domain allows it to be centrally managed, use domain user accounts, apply Group Policy, and integrate with other domain services. It is one of the first things you do when setting up a new server in an existing environment. Here is how to do it correctly.
Before You Start
- DNS must point to the domain controller. Active Directory relies entirely on DNS. Set the server’s primary DNS server to the IP address of your domain controller — not 8.8.8.8 or your router. This is the most common reason domain joins fail.
- The server must be able to reach the domain controller on the network. Run ping domainname.local and ping DCname to confirm.
- Have domain admin credentials ready. You will need a domain account with permission to join computers to the domain.
- Give the server a meaningful hostname first. The computer name is registered in Active Directory during the join — rename it before joining rather than after (renaming after requires a second reboot).
Set DNS to Point to the Domain Controller
- Open Network and Sharing Centre → Change adapter settings
- Right-click the network adapter → Properties
- Select Internet Protocol Version 4 (TCP/IPv4) → Properties
- Set the Preferred DNS server to the IP address of your domain controller
- Click OK
Confirm DNS is resolving the domain: nslookup yourdomain.local — it should return the domain controller’s IP.
Join the Domain via System Properties
- Right-click the Start button → System
- Click Rename this PC (advanced) or scroll to Advanced system settings
- In the System Properties dialog, click the Computer Name tab → Change
- Under Member of, select Domain and enter your domain name (e.g. contoso.local or contoso.com)
- Click OK — you will be prompted for domain credentials
- Enter a domain administrator username and password
- Click OK — a “Welcome to the domain” message confirms success
- Restart the server — the join is not complete until after a restart
Join the Domain via PowerShell
# Join domain (prompts for credentials interactively)
Add-Computer -DomainName "contoso.local" -Restart
# Join domain with credentials collected by Get-Credential and stored in $cred
$cred = Get-Credential
Add-Computer -DomainName "contoso.local" -Credential $cred -Restart
# Join domain and place the computer account in a specific OU
Add-Computer -DomainName "contoso.local" -OUPath "OU=Servers,OU=IT,DC=contoso,DC=local" -Credential $cred -Restart
The -Restart flag restarts the server immediately after joining. Remove it if you want to restart manually at a convenient time.
Verify the Domain Join
After the restart, log in with a domain account (format: DOMAIN\username or username@contoso.local) to confirm domain authentication is working. To check the domain membership via PowerShell:
(Get-WmiObject Win32_ComputerSystem).Domain
This should return your domain name (e.g. contoso.local). If it returns WORKGROUP, the server is not domain-joined.
Troubleshooting Domain Join Failures
“The following error occurred attempting to join the domain — DNS name does not exist”: DNS is pointing at the wrong server. Check the NIC’s DNS settings — it must point to the domain controller.
“The credentials supplied conflict with an existing set of credentials”: Windows is caching different credentials. Use the full domain format: CONTOSO\Administrator rather than just Administrator.
“The computer account already exists”: a computer object with this name already exists in Active Directory — either from a previous join or pre-staged. Delete the old computer object in Active Directory Users and Computers, or use a domain admin account that has rights to reuse it.
Clock skew error: Active Directory requires the server’s clock to be within 5 minutes of the domain controller. Check that time synchronisation is working: w32tm /query /status.
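The prerequisite and troubleshooting checks above (DNS pointing at the domain controller, network reachability, clock skew) can be run as one pre-join script. This is an added example, not part of the original article: the function name Test-DomainJoinReadiness is hypothetical, contoso.local is the article's placeholder domain, and the TCP port checks go beyond the article's ping test.

```powershell
# Added example, not from the original article. Function name is hypothetical;
# contoso.local is the article's placeholder domain.
function Test-DomainJoinReadiness {
    param([Parameter(Mandatory)][string]$Domain)
    $r = [ordered]@{ Domain = $Domain }

    # 1. Which DNS servers is this machine actually using?
    $r.ConfiguredDns = (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object -ExpandProperty ServerAddresses -Unique) -join ', '

    # 2. Can those servers resolve the AD domain controller locator record?
    #    A public resolver or a router will not hold this SRV record.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) {
        $r.SrvLookup = 'FAILED: check the NIC DNS settings'
        return [pscustomobject]$r
    }
    $dc = ($srv | Select-Object -First 1).NameTarget
    $r.DomainController = $dc

    # 3. Reachability over TCP (assumption beyond the article's ping test):
    #    88 = Kerberos, 389 = LDAP, 445 = SMB
    foreach ($port in 88, 389, 445) {
        $r["Tcp$port"] = (Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    }

    # 4. Clock offset against the DC; the article's limit is 5 minutes (300 s)
    $sample = w32tm /stripchart "/computer:$dc" /samples:1 /dataonly | Select-Object -Last 1
    if ($sample -match '([+-]\d+\.\d+)s') {
        $r.ClockOffsetSeconds = [math]::Abs([double]$Matches[1])
        $r.ClockWithinLimit   = $r.ClockOffsetSeconds -lt 300
    } else {
        $r.ClockOffsetSeconds = "unknown: $sample"
    }
    [pscustomobject]$r
}

Test-DomainJoinReadiness -Domain 'contoso.local'
```

A failed SRV lookup corresponds to the "DNS name does not exist" error above, and a clock offset over 300 seconds corresponds to the clock skew error.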
After Joining the Domain
- Move the computer account to the correct OU in Active Directory Users and Computers if it was not pre-staged
- Apply any Group Policy Objects (GPOs) relevant to servers
- Add domain accounts or groups to the local Administrators group if needed for management
- Confirm that the server appears in Active Directory and that DNS records were registered correctly